From c19745b1dcac5deaccac84abcac127258bb791d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergio=20Go=CC=81mez?= <sergio@uco.es>
Date: Sun, 11 Oct 2015 22:48:05 +0200
Subject: [PATCH] XML data is loaded using SAML2_DOMDocumentFactory class

---
 lib/SimpleSAML/Bindings/Shib13/Artifact.php | 7 +++--
 lib/SimpleSAML/Bindings/Shib13/HTTPPost.php | 3 +-
 lib/SimpleSAML/Metadata/SAMLParser.php | 28 +++++++++----------
 lib/SimpleSAML/Metadata/Signer.php | 5 ++--
 lib/SimpleSAML/Utils/XML.php | 15 +++++++---
 lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 6 ++--
 modules/adfs/lib/IdP/ADFS.php | 3 +-
 modules/adfs/lib/XMLSecurityDSig.php | 3 +-
 modules/cas/lib/Auth/Source/CAS.php | 2 +-
 modules/core/lib/Auth/Process/TargetedID.php | 2 +-
 modules/metarefresh/lib/MetaLoader.php | 10 ++++---
 modules/saml/docs/sp.txt | 2 +-
 .../Process/PersistentNameID2TargetedID.php | 2 +-
 modules/saml/lib/IdP/SAML2.php | 3 +-
 www/saml2/idp/ArtifactResolutionService.php | 3 +-
 15 files changed, 49 insertions(+), 45 deletions(-)

diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 0b27c03c4..5987ceba8 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -74,8 +74,9 @@ class SimpleSAML_Bindings_Shib13_Artifact {
     private static function extractResponse($soapResponse) {
         assert('is_string($soapResponse)');
-        $doc = new DOMDocument();
-        if (!$doc->loadXML($soapResponse)) {
+        try {
+            $doc = SAML2_DOMDocumentFactory::fromString($soapResponse);
+        } catch(\Exception $e) {
             throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.');
         }
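Review bot: On the `} catch(\Exception $e) {` line the caught exception is discarded, so whatever parse detail SAML2_DOMDocumentFactory::fromString attached to it never reaches the log and only 'Error parsing SAML 1 artifact response.' is reported. Chain it as the cause instead: `throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.', 0, $e);` (SimpleSAML_Error_Exception appears to take the cause as its third argument — confirm against its constructor). The same discarded `$e` recurs in SAMLParser::parseFile, parseString, parseDescriptorsFile and parseDescriptorsString, Signer.php, the first Utils\XML.php hunk, AuthnResponse::setXML and MetaLoader::loadXML, where plain `Exception` takes the cause the same way (`new Exception($msg, 0, $e)`). The move to the factory is itself the right hardening for a SOAP response fetched from a remote party, provided the factory disables external entity loading and rejects DOCTYPE declarations as the SAML2 library's parser is meant to; PSR-12 also wants a space in `catch (\Exception $e)`. extractResponse continues past the hunk.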
@@ -101,7 +102,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
          * Save the <saml1p:Response> element. Note that we need to import it
          * into a new document, in order to preserve namespace declarations.
          */
-        $newDoc = new DOMDocument();
+        $newDoc = SAML2_DOMDocumentFactory::create();
         $newDoc->appendChild($newDoc->importNode($responseElement, TRUE));
         $responseXML = $newDoc->saveXML();
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 70624ceb9..0cd3e1688 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -58,8 +58,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost
         $privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, true);
         $publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, true);
-        $responsedom = new DOMDocument();
-        $responsedom->loadXML(str_replace("\r", "", $response));
+        $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace("\r", "", $response));
         $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
         $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 2e52614f4..f6b02fab4 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -215,12 +215,11 @@ class SimpleSAML_Metadata_SAMLParser
      */
     public static function parseFile($file)
     {
-        $doc = new DOMDocument();
-
         $data = \SimpleSAML\Utils\HTTP::fetch($file);
-        $res = $doc->loadXML($data);
-        if ($res !== true) {
+        try {
+            $doc = SAML2_DOMDocumentFactory::fromString($data);
+        } catch(\Exception $e) {
             throw new Exception('Failed to read XML from file: '.$file);
         }
@@ -238,10 +237,9 @@ class SimpleSAML_Metadata_SAMLParser
      */
     public static function parseString($metadata)
     {
-        $doc = new DOMDocument();
-
-        $res = $doc->loadXML($metadata);
-        if ($res !== true) {
+        try {
+            $doc = SAML2_DOMDocumentFactory::fromString($metadata);
+        } catch(\Exception $e) {
             throw new Exception('Failed to parse XML string.');
         }
@@ -302,11 +300,12 @@ class SimpleSAML_Metadata_SAMLParser
         $data = \SimpleSAML\Utils\HTTP::fetch($file);
-        $doc = new DOMDocument();
-        $res = $doc->loadXML($data);
-        if ($res !== true) {
+        try {
+            $doc = SAML2_DOMDocumentFactory::fromString($data);
+        } catch(\Exception $e) {
             throw new Exception('Failed to read XML from file: '.$file);
         }
+
         if ($doc->documentElement === null) {
             throw new Exception('Opened file is not an XML document: '.$file);
         }
@@ -328,10 +327,9 @@ class SimpleSAML_Metadata_SAMLParser
      */
     public static function parseDescriptorsString($string)
     {
-        $doc = new DOMDocument();
-
-        $res = $doc->loadXML($string);
-        if ($res !== true) {
+        try {
+            $doc = SAML2_DOMDocumentFactory::fromString($string);
+        } catch(\Exception $e) {
             throw new Exception('Failed to parse XML string.');
         }
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 225050ffd..7ed716703 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -180,8 +180,9 @@ class SimpleSAML_Metadata_Signer
         // convert the metadata to a DOM tree
-        $xml = new DOMDocument();
-        if (!$xml->loadXML($metadataString)) {
+        try {
+            $xml = SAML2_DOMDocumentFactory::fromString($metadataString);
+        } catch(Exception $e) {
             throw new Exception('Error parsing self-generated metadata.');
         }
diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php
index bd09a319d..938ce6fd7 100644
--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -8,6 +8,8 @@
 namespace SimpleSAML\Utils;
+use Symfony\Component\Config\Definition\Exception\Exception;
+
 class XML
 {
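Review bot: The new `use Symfony\Component\Config\Definition\Exception\Exception;` makes the bare `catch(Exception $e)` in the @@ -399 hunk of this same file resolve to the Symfony Config exception class rather than `\Exception`, so a parse failure thrown by `\SAML2_DOMDocumentFactory::fromString` (presumably a SAML2 or SPL exception, not a Symfony one) is not caught there, the `$res = false` branch becomes unreachable, and the error escapes instead of being reported through `$res`. The @@ -226 hunk of the file gets this right with `catch(\Exception $e)`. Drop the `use` line — it also pulls an unrelated Symfony Config dependency into SimpleSAML\Utils\XML — and write `} catch (\Exception $e) {` in the later hunk. Note too that when that catch does fire `$dom` is never assigned, unlike the old code; if anything after `if ($res)` reads `$dom` (not visible in the hunk) it now sees an undefined variable.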
@@ -226,8 +228,9 @@ class XML
             throw new \InvalidArgumentException('Invalid input parameters');
         }
-        $doc = new \DOMDocument();
-        if (!$doc->loadXML($xml)) {
+        try {
+            $doc = \SAML2_DOMDocumentFactory::fromString($xml);
+        } catch(\Exception $e) {
             throw new \DOMException('Error parsing XML string.');
         }
@@ -399,8 +402,12 @@ class XML
             $dom = $xml;
             $res = true;
         } else {
-            $dom = new \DOMDocument;
-            $res = $dom->loadXML($xml);
+            try {
+                $dom = \SAML2_DOMDocumentFactory::fromString($xml);
+                $res = true;
+            } catch(Exception $e) {
+                $res = false;
+            }
         }
         if ($res) {
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index d228d811a..dad0a6fcc 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -56,9 +56,9 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
     public function setXML($xml) {
         assert('is_string($xml)');
-        $this->dom = new DOMDocument();
-        $ok = $this->dom->loadXML(str_replace ("\r", "", $xml));
-        if (!$ok) {
+        try {
+            $this->dom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $xml));
+        } catch(\Exception $e) {
             throw new Exception('Unable to parse AuthnResponse XML.');
         }
     }
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index edb15c4bf..8fd9699e8 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -94,8 +94,7 @@ class sspmod_adfs_IdP_ADFS {
         $objXMLSecDSig = new XMLSecurityDSig();
         $objXMLSecDSig->idKeys = array('AssertionID');
         $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
-        $responsedom = new DOMDocument();
-        $responsedom->loadXML(str_replace ("\r", "", $response));
+        $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response));
         $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
         $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
             array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
diff --git a/modules/adfs/lib/XMLSecurityDSig.php b/modules/adfs/lib/XMLSecurityDSig.php
index 330a63fa3..53c309312 100644
--- a/modules/adfs/lib/XMLSecurityDSig.php
+++ b/modules/adfs/lib/XMLSecurityDSig.php
@@ -15,7 +15,6 @@ class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
     function __construct($metaxml) {
-        $sigdoc = new DOMDocument();
         $template = '';
         if (strpos("\n", $metaxml) === FALSE) {
@@ -25,7 +24,7 @@ class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig {
             $template = self::template;
         }
-        $sigdoc->loadXML($template);
+        $sigdoc = SAML2_DOMDocumentFactory::fromString($template);
         $this->sigNode = $sigdoc->documentElement;
     }
 }
diff --git a/modules/cas/lib/Auth/Source/CAS.php b/modules/cas/lib/Auth/Source/CAS.php
index 301cb76ac..84b366ee4 100644
--- a/modules/cas/lib/Auth/Source/CAS.php
+++ b/modules/cas/lib/Auth/Source/CAS.php
@@ -118,7 +118,7 @@ class sspmod_cas_Auth_Source_CAS extends SimpleSAML_Auth_Source {
         ));
         $result = \SimpleSAML\Utils\HTTP::fetch($url);
-        $dom = DOMDocument::loadXML($result);
+        $dom = SAML2_DOMDocumentFactory::fromString($result);
         $xPath = new DOMXpath($dom);
         $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
         $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
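Review bot: In the CAS.php hunk, `$result` is the validation reply fetched from the CAS server over the network, and the factory now throws its own generic exception out of the auth source when that reply is not well-formed XML, where the old code silently produced an empty document for the `$success` XPath query to run against. Failing loudly is the right outcome, but nothing in the message ties it to the CAS server or `$url`; wrap the call as Artifact.php does and rethrow a SimpleSAML_Error_Exception that names the CAS validation step, passing `$e` as the cause. The enclosing method continues outside the hunk.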
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index 1151a24c9..4e595b27d 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -136,7 +136,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
             $nameId['SPNameQualifier'] = $state['Destination']['entityid'];
         }
-        $doc = new DOMDocument();
+        $doc = SAML2_DOMDocumentFactory::create();
         $root = $doc->createElement('root');
         $doc->appendChild($root);
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index 91f505e28..40c0359cb 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -252,12 +252,14 @@ class sspmod_metarefresh_MetaLoader {
      */
     private function loadXML($data, $source) {
         $entities = array();
-        $doc = new DOMDocument();
-        $res = $doc->loadXML($data);
-        if($res !== TRUE) {
+        try {
+            $doc = SAML2_DOMDocumentFactory::fromString($data);
+        } catch (Exception $e) {
             throw new Exception('Failed to read XML from ' . $source['src']);
         }
-        if($doc->documentElement === NULL) throw new Exception('Opened file is not an XML document: ' . $source['src']);
+        if ($doc->documentElement === NULL) {
+            throw new Exception('Opened file is not an XML document: ' . $source['src']);
+        }
         $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsElement($doc->documentElement);
         return $entities;
     }
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 063be47c1..c3a24c8f1 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -459,7 +459,7 @@ Here we will list some examples for this authentication source.
 ### Using samlp:Extensions
-    $dom = new DOMDocument();
+    $dom = SAML2_DOMDocumentFactory::create();
     $ce = $dom->createElementNS('http://www.example.com/XFoo', 'xfoo:test', 'Test data!');
     $ext[] = new SAML2_XML_Chunk($ce);
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
index 7d911300a..e88d1a8d5 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
@@ -69,7 +69,7 @@ class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Au
         $nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT];
         if ($this->nameId) {
-            $doc = new DOMDocument();
+            $doc = SAML2_DOMDocumentFactory::create();
             $root = $doc->createElement('root');
             $doc->appendChild($root);
             SAML2_Utils::addNameId($root, $nameID);
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index c57e5bc46..6aafef455 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -707,8 +707,7 @@ class sspmod_saml_IdP_SAML2 {
                     break;
                 case 'raw':
                     if (is_string($value)) {
-                        $doc = new DOMDocument();
-                        $doc->loadXML('<root>' . $value . '</root>');
+                        $doc = SAML2_DOMDocumentFactory::fromString('<root>' . $value . '</root>');
                         $value = $doc->firstChild->childNodes;
                     }
                     assert('$value instanceof DOMNodeList');
diff --git a/www/saml2/idp/ArtifactResolutionService.php b/www/saml2/idp/ArtifactResolutionService.php
index 66355489e..ac7dd241d 100644
--- a/www/saml2/idp/ArtifactResolutionService.php
+++ b/www/saml2/idp/ArtifactResolutionService.php
@@ -54,8 +54,7 @@
 $responseData = $store->get('artifact', $artifact);
 $store->delete('artifact', $artifact);
 if ($responseData !== NULL) {
-    $document = new DOMDocument();
-    $document->loadXML($responseData);
+    $document = SAML2_DOMDocumentFactory::fromString($responseData);
     $responseXML = $document->firstChild;
 } else {
     $responseXML = NULL;
--
GitLab
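Review bot: In the SAML2.php hunk, `SAML2_DOMDocumentFactory::fromString('<root>' . $value . '</root>')` turns a 'raw' attribute value that is not well-formed XML into an exception from the factory, whereas `loadXML` used to return false and the next line then failed on a null `$doc->firstChild`; the new failure mode is better, but the factory's message says nothing about which attribute was misconfigured. Wrap the call in try/catch and rethrow a SimpleSAML_Error_Exception that names the attribute being processed, passing `$e` as the cause, so the operator can find the offending configuration entry. Assuming the factory rejects DOCTYPE declarations and external entities, the concatenated markup now also gets those checks, which matters because `$value` is spliced into XML without escaping. The enclosing switch starts and ends outside the hunk.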